Specialists in ethical hacking from the cybersecurity firm Kaspersky reported the discovery of a new ransomware variant much more dangerous than encryption malware conventionally used by threat actors.
This new malware, known as Sodin, exploits a
zero-day flaw in the Windows
operating system tracked as CVE-2018-8453; in other words, the targeted user
doesn’t even have to be exposed to a phishing campaign for hackers to gain
access to the compromised system (phishing is the main attack vector to infect
a system with ransomware).
As ethical hacking specialists report, threat
actors should only find a vulnerable server and execute a command that
downloads the malicious file called “radm.exe”. This file stores the
ransomware locally and then runs it.
Researchers at the cybersecurity firm added
that the Sodin ransomware also employs a technique known as “Heaven’s
Gate”, which allows hackers to execute 64-bit code from a 32-bit execution
process. “This is an unconventional behavior in ransomware attacks, making
it difficult to detect and analyze the malware,” the experts said.
Hackers reportedly demand a ransom of up to
$2,500 USD in cryptocurrency from all victims of the malware. So far, most
Sodin infections have been detected on the Asian continent, mainly in Taiwan,
South Korea and Hong Kong. However, ethical hacking specialists from the
International Cyber Security Institute (IICS) do not rule out the possibility
that some cases of infection will begin to emerge in North and Latin America.
Ransomware is one of the most commonly used
cyberattack variants nowadays; however, it is rare to find such a complex
encryption malware, capable of exploiting the CPU architecture itself to infect
a device. Due to the large number of potentially vulnerable systems, reports of
Sodin infection are expected to grow exponentially in the coming months.
“It is obvious that the developers of this malware invested huge resources
in their creation, so they will try to recover their assets as soon as possible”,
the experts concluded.
